Is one of Anonymous or Windows Authentication really required for IIS when hosting an ASP.NET CORE application

Tom Carter

9/13/23, 1:35 PM

I have an ASP.NET CORE application hosted in IIS. The application uses OAUTH/OIDC for authenticating API requests. I have observed that if neither Anonymous nor Windows Authentication is activated then requests are rejected by IIS and do not make it through to the application (even though to the Authentication Header is set for Bearer). If I enable Anonymous Authentication then the requests pass through to the application for authentication according to OAUTH/OIDC.

I believe that in the case of a classic ASP.NET application hosted in IIS than even though both Anonymous and Windows authentication were NOT enabled, requests still pass through to the application.

Can the community please confirm this - must I activate Anonymous mode in IIS or am I missing some other configuration?

Our IT admin policy is to not allow Anonymous Authentication in IIS (this is a problem as we migrate our ASP.NET Core applications to OIDC and away from Windows Authentication)

0 + 0

iis

asp.net

authentication

Lex Li

9/13/23, 4:02 PM

No. Even for classic ASP.NET apps, anonymous authentication is required.

djdomi

9/13/23, 5:54 PM

correctly, any service needs to have either a known or a unknown user, but can't handle non user requests. the same thing would be if you would try to use a fileshare

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is one of Anonymous or Windows Authentication really required for IIS when hosting an ASP.NET CORE application

TH: การตรวจสอบสิทธิ์แบบไม่ระบุตัวตนหรือการพิสูจน์ตัวตนของ Windows จำเป็นจริงๆ สำหรับ IIS เมื่อโฮสต์แอปพลิเคชัน ASP.NET CORE หรือไม่

RO: Este unul dintre Autentificarea anonimă sau Windows într-adevăr necesară pentru IIS atunci când găzduiește o aplicație ASP.NET CORE

RU: Действительно ли для IIS требуется анонимная или Windows-аутентификация при размещении приложения ASP.NET CORE?

VI: Là một trong những Xác thực ẩn danh hoặc Windows có thực sự cần thiết cho IIS khi lưu trữ ứng dụng ASP.NET CORE

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.